# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. name: pmd on: push: branches: [ $default-branch, $protected-branches ] pull_request: branches: [ $default-branch ] schedule: - cron: $cron-weekly permissions: contents: read jobs: pmd-code-scan: permissions: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up JDK 11 uses: actions/setup-java@v4 with: java-version: '11' distribution: 'temurin' - name: Run PMD id: pmd uses: pmd/pmd-github-action@967a81f8b657c87f7c3e96b62301cb1a48efef29 with: rulesets: 'rulesets/java/quickstart.xml' sourcePath: 'src/main/java' analyzeModifiedFilesOnly: false - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v3 with: sarif_file: pmd-report.sarif